What the vulnerability does
01Description
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVE-2023-2000
MEDIUM
CVE-2023-2000: Unrestricted navigation due to unvalidated mattermost server redirection
CVSS base score
5.4/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Key dates
02Disclosure timeline
May 2, 2023
CVE published
December 6, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-25111 English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation
CVE-2020-5409 Concourse Open Redirect in the /sky/login endpoint
CVE-2024-53995 GHSL-2024-288: SickChill open redirect in login
CVE-2023-22729 Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen
